Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-07 18:44:08 +00:00
Code Issues Actions Projects Releases Wiki Activity

[feature] use internal services to check for acl on exports

Browse Source
This commit is contained in:
Julien Fastré 2022-09-08 13:47:35 +02:00
parent 211a80e9be
commit e379d8adb5
5 changed files with 42 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Bundle/ChillMainBundle/Controller/ExportController.php
View File

@ -23,6 +23,7 @@ use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\FormFactoryInterface; use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Contracts\Translation\TranslatorInterface; use Symfony\Contracts\Translation\TranslatorInterface;
@ -142,10 +143,8 @@ class ExportController extends AbstractController
/** /**
* Render the list of available exports. * Render the list of available exports.
*
* @return \Symfony\Component\HttpFoundation\Response
*/ */
public function indexAction(Request $request) public function indexAction(): Response
{ {
$exportManager = $this->exportManager; $exportManager = $this->exportManager;

56
src/Bundle/ChillMainBundle/Export/ExportManager.php
View File

@ -14,6 +14,7 @@ namespace Chill\MainBundle\Export;
use Chill\MainBundle\Form\Type\Export\ExportType; use Chill\MainBundle\Form\Type\Export\ExportType;
use Chill\MainBundle\Form\Type\Export\PickCenterType; use Chill\MainBundle\Form\Type\Export\PickCenterType;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\Authorization\AuthorizationHelperInterface;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\QueryBuilder; use Doctrine\ORM\QueryBuilder;
use Generator; use Generator;
@ -42,52 +43,38 @@ class ExportManager
/** /**
* The collected aggregators, injected by DI. * The collected aggregators, injected by DI.
* *
* @var AggregatorInterface[] * @var array|AggregatorInterface[]
*/ */
private $aggregators = []; private array $aggregators = [];
/** private AuthorizationCheckerInterface $authorizationChecker;
* @var AuthorizationChecker
*/
private $authorizationChecker;
/** private AuthorizationHelperInterface $authorizationHelper;
* @var AuthorizationHelper
*/
private $authorizationHelper;
/** private EntityManagerInterface $em;
* @var EntityManagerInterface
*/
private $em;
/** /**
* Collected Exports, injected by DI. * Collected Exports, injected by DI.
* *
* @var ExportInterface[] * @var array|ExportInterface[]
*/ */
private $exports = []; private array $exports = [];
/** /**
* The collected filters, injected by DI. * The collected filters, injected by DI.
* *
* @var FilterInterface[] * @var array|FilterInterface[]
*/ */
private $filters = []; private array $filters = [];
/** /**
* Collected Formatters, injected by DI. * Collected Formatters, injected by DI.
* *
* @var FormatterInterface[] * @var array|FormatterInterface[]
*/ */
private $formatters = []; private array $formatters = [];
/** private LoggerInterface $logger;
* a logger.
*
* @var LoggerInterface
*/
private $logger;
/** /**
* @var \Symfony\Component\Security\Core\User\UserInterface * @var \Symfony\Component\Security\Core\User\UserInterface
@ -98,7 +85,7 @@ class ExportManager
LoggerInterface $logger, LoggerInterface $logger,
EntityManagerInterface $em, EntityManagerInterface $em,
AuthorizationCheckerInterface $authorizationChecker, AuthorizationCheckerInterface $authorizationChecker,
AuthorizationHelper $authorizationHelper, AuthorizationHelperInterface $authorizationHelper,
TokenStorageInterface $tokenStorage TokenStorageInterface $tokenStorage
) { ) {
$this->logger = $logger; $this->logger = $logger;
@ -547,19 +534,16 @@ class ExportManager
. 'an ExportInterface.'); . 'an ExportInterface.');
} }
if (null === $centers) { if (null === $centers || [] === $centers) {
$centers = $this->authorizationHelper->getReachableCenters( // we want to try if at least one center is reachable
return [] !== $this->authorizationHelper->getReachableCenters(
$this->user, $this->user,
$role $role
); );
} }
if (count($centers) === 0) {
return false;
}
foreach ($centers as $center) { foreach ($centers as $center) {
if ($this->authorizationChecker->isGranted($role, $center) === false) { if (false === $this->authorizationChecker->isGranted($role, $center)) {
//debugging //debugging
$this->logger->debug('user has no access to element', [ $this->logger->debug('user has no access to element', [
'method' => __METHOD__, 'method' => __METHOD__,
@ -568,10 +552,6 @@ class ExportManager
'role' => $role, 'role' => $role,
]); ]);
///// Bypasse les autorisations qui empêche d'afficher les nouveaux exports
return true;
///// TODO supprimer le return true
return false; return false;
} }
} }

12
src/Bundle/ChillMainBundle/Repository/CenterRepository.php
View File

@ -30,6 +30,18 @@ final class CenterRepository implements ObjectRepository
return $this->repository->find($id, $lockMode, $lockVersion); return $this->repository->find($id, $lockMode, $lockVersion);
} }
/**
* Return all active centers
*
* Note: this is a teaser: active will comes later on center entity
*
* @return Center[]
*/
public function findActive(): array
{
return $this->findAll();
}
/** /**
* @return Center[] * @return Center[]
*/ */

17
src/Bundle/ChillMainBundle/Security/Authorization/ChillExportVoter.php
View File

@ -19,24 +19,23 @@ class ChillExportVoter extends Voter
{ {
public const EXPORT = 'chill_export'; public const EXPORT = 'chill_export';
protected AuthorizationHelperInterface $authorizationHelper; private VoterHelperInterface $helper;
public function __construct(AuthorizationHelperInterface $authorizationHelper) public function __construct(VoterHelperFactoryInterface $voterHelperFactory)
{ {
$this->authorizationHelper = $authorizationHelper; $this->helper = $voterHelperFactory
->generate(self::class)
->addCheckFor(null, [self::EXPORT])
->build();
} }
protected function supports($attribute, $subject): bool protected function supports($attribute, $subject): bool
{ {
return self::EXPORT === $attribute; return $this->helper->supports($attribute, $subject);
} }
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{ {
if (!$token->getUser() instanceof User) { return $this->helper->voteOnAttribute($attribute, $subject, $token);
return false;
}
return [] !== $this->authorizationHelper->getReachableCenters($token->getUser(), $attribute);
} }
} }

8
src/Bundle/ChillMainBundle/config/services.yaml
View File

@ -88,12 +88,8 @@ services:
- { name: validator.constraint_validator, alias: 'role_scope_scope_presence' } - { name: validator.constraint_validator, alias: 'role_scope_scope_presence' }
Chill\MainBundle\Export\ExportManager: Chill\MainBundle\Export\ExportManager:
arguments: autoconfigure: true
- "@logger" autowire: true
- "@doctrine.orm.entity_manager"
- "@security.authorization_checker"
- "@chill.main.security.authorization.helper"
- "@security.token_storage"
Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface: '@Chill\MainBundle\Security\Resolver\CenterResolverDispatcher' Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface: '@Chill\MainBundle\Security\Resolver\CenterResolverDispatcher'